[FUZZ] Prysm mismatch when processing ProposerSlashing (error expected: ProposerNotSlashable) #91

Closed
pventuzelo opened this issue Nov 4, 2020 · 2 comments
Labels
crash confirmed Crash is confirmed and developers are notified prysm

Comments

@pventuzelo
Contributor

Beaconfuzz_v2 just found a ProposerSlashing that is interpreted differently by eth2 clients:

  • Lighthouse, Nimbus and Teku reject this ProposerSlashing (ProposerNotSlashable returned by Lighthouse)
  • Prysm processes the file and creates a post state

Info to Reproduce

Download: issue_prysm_ProposerNotSlashable.zip

Run:

$ unzip issue_prysm_ProposerNotSlashable.zip
$ cd issue_prysm_ProposerNotSlashable
$ ../beaconfuzz_v2 debug beacon.ssz proposer.ssz ProposerSlashing

[+] beaconfuzz_v2
[DEBUG] beaconstate_path = issue_prysm_ProposerNotSlashable/beacon.ssz
[DEBUG] beaconstate length = 2725297
[DEBUG] container_path = issue_prysm_ProposerNotSlashable/proposer.ssz
[DEBUG] container length = 416
[LIGHTHOUSE] SSZ decoding true
[LIGHTHOUSE] Err(ProposerSlashingInvalid { index: 0, reason: ProposerNotSlashable(0) })
[LIGHTHOUSE] Processing false
[PRYSM] Mismatch post
[PRYSM] Processing true
[NIMBUS] Processing false
[TEKU] Processing false

Your Environment

  • Fuzzer ran: beaconfuzz_v2
  • Version/Commit used: bb16bde
  • Operating System and version: ubuntu
@pventuzelo pventuzelo added crash confirmed Crash is confirmed and developers are notified prysm labels Nov 4, 2020
@pventuzelo pventuzelo changed the title [FUZZ] Prysm mismatch when processing ProposerSlashing (ProposerNotSlashable error expected) [FUZZ] Prysm mismatch when processing ProposerSlashing (error expected: ProposerNotSlashable) Nov 4, 2020
@pventuzelo
Contributor Author

Bug has been confirmed by Prysm: prysmaticlabs/prysm#7725

FYI, Prysm was using an incorrect epoch when validating the slashing.
Instead of using the current epoch in the beacon state, they were using the proposer_slashing's epoch.

I will test the fix and update the internal pfuzz lib today

pventuzelo added a commit that referenced this issue Nov 5, 2020
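
The following Go sketch is an added example, not Prysm's code and not part of the original thread. It shows how the choice of epoch changes the outcome of the slashability check, modelled on the consensus spec's is_slashable_validator predicate. The type names, function names and sample values are constructed for illustration, and signature verification is left out.

```go
package main

import "fmt"

const slotsPerEpoch = 32 // SLOTS_PER_EPOCH on mainnet

type (
	Validator struct {
		Slashed                            bool
		ActivationEpoch, WithdrawableEpoch uint64
	}
	Header struct {
		Slot, ProposerIndex uint64
		BodyRoot            [32]byte
	}
	State struct {
		Slot       uint64
		Validators []Validator
	}
)

// validSlashing runs the structural checks, then the slashability predicate
// at the epoch chosen by the caller (signature verification is omitted).
func validSlashing(s State, h1, h2 Header, epoch uint64) bool {
	if h1.Slot != h2.Slot || h1.ProposerIndex != h2.ProposerIndex || h1 == h2 ||
		h1.ProposerIndex >= uint64(len(s.Validators)) {
		return false
	}
	v := s.Validators[h1.ProposerIndex]
	return !v.Slashed && v.ActivationEpoch <= epoch && epoch < v.WithdrawableEpoch
}

// SpecAccepts checks at the beacon state's current epoch; HeaderEpochAccepts
// checks at the slashing's own epoch, which is the mismatch reported here.
func SpecAccepts(s State, h1, h2 Header) bool { return validSlashing(s, h1, h2, s.Slot/slotsPerEpoch) }
func HeaderEpochAccepts(s State, h1, h2 Header) bool { return validSlashing(s, h1, h2, h1.Slot/slotsPerEpoch) }

// Sample is constructed: validator 0 became withdrawable at epoch 10, the
// state is at epoch 12, and both conflicting headers are from epoch 5.
func Sample() (State, Header, Header) {
	s := State{Slot: 12 * slotsPerEpoch, Validators: []Validator{{WithdrawableEpoch: 10}}}
	return s, Header{Slot: 5 * slotsPerEpoch, BodyRoot: [32]byte{1}}, Header{Slot: 5 * slotsPerEpoch, BodyRoot: [32]byte{2}}
}

func main() {
	s, h1, h2 := Sample()
	fmt.Println("state epoch:", SpecAccepts(s, h1, h2), "header epoch:", HeaderEpochAccepts(s, h1, h2))
}
```

On the constructed sample the state-epoch check rejects the slashing while the header-epoch check accepts it, the same kind of split the fuzzer output above reports between clients.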
@pventuzelo
Contributor Author

pventuzelo commented Nov 5, 2020

Confirmed to be fixed ;)
